How to make a cert trust through JAMF

New Contributor II

Is there any way is there to make a cert set as Always Trust in system keychain through JAMF? I have few devices where Zscaler cert is not set as Always Trust when the device got the certificate from Zscaler.


Contributor II

Yes I've done this for Zscaler. Upload the cert you have installed on a device, into a Configuration Profile, on the certificatate payload. I have the tick box 'Allow all apps access' ticked. The cert will be deployed to any scoped devices and will show as Always Trust.

New Contributor II

I have done this through a custom package using jamf composer

1) Push the zscalar root certificate through package which puts the certificate in x location on user system accessible to logged in user

2) Use the following post install script when you create the package for pushing

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain <filepath/xxxx.cer>

New Contributor II

I, too have used Composer to build a pkg to distribute and install .cer.  My sudo script is a bit different but basically the same as above.  My issue is that upon installation, I get the following error in /var/log/install.log

./postinstall: ***Error reading file /Library/Application Support/JAMF/Waiting Room/CA.cer

How do i get the pkg to extract the .cer from the .pkg into the "/Library/Application\ Support/JAMF/Waiting\ Room/" directory so i can run the sudo command?


New Contributor II

Gave up on distribution with pkg.  Used Configuration Profile and it worked great.

Thank you,